Parameterized queries with RODBC
Problem description
I have a variable in R that I would like to pass to a database. I could use paste like many suggest when reading Google results, but that is unsafe because of SQL injection vulnerabilities. I'd rather prefer something like this:
x <- 42
sqlQuery(db, 'SELECT Id, Name FROM People WHERE Age > ?;', bind=c(x))
Is it possible to use parameterized queries with RODBC? If not, is there an alternative library that supports them?
I'm using SQL Server, RODBC 1.3-6 and R 3.0.0.
Recommended answer
Mateusz Zoltak wrote the RODBCext package in 2014 (based on work by Brian Ripley and Michael Lapsley):
library(RODBCext)                 # loads RODBC as well
conn = odbcConnect('MyDataSource')
sqlPrepare(conn, "SELECT * FROM myTable WHERE column = ?")   # SQL text with a placeholder only
sqlExecute(conn, 'myValue')       # the value is bound to the placeholder, never spliced into the SQL
sqlFetchMore(conn)                # retrieve the result set
Source: http://cran.r-project.org/web/packages/RODBCext/vignettes/Parameterized_SQL_queries.html
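As an added illustration (not part of the original answer or the RODBCext vignette), here is the question's own query written first the unsafe paste() way and then with RODBCext parameter binding, including the prepare-once, execute-many pattern; the DSN name, table and column names are assumptions.

```r
library(RODBCext)   # also loads RODBC

# Assumed data source name and table; adjust for your environment.
conn <- odbcConnect("MyDataSource")

# Untrusted input, e.g. from a web form. Note that it arrives as text.
min_age <- "42"

# UNSAFE: the value becomes part of the SQL text. Anything the caller puts in
# min_age that is valid SQL is executed as SQL by the server.
unsafe_sql <- paste0("SELECT Id, Name FROM People WHERE Age > ", min_age, ";")
# sqlQuery(conn, unsafe_sql)    # do not run this with untrusted input

# Defensive step 1: validate the type before it ever reaches the database.
age <- suppressWarnings(as.integer(min_age))
if (is.na(age)) stop("min_age must be a whole number")

# Defensive step 2: bind the value as a parameter. The SQL text contains only
# the '?' placeholder; the value is sent separately and can never change the
# structure of the statement. fetch = TRUE returns the rows as a data.frame.
people <- sqlExecute(conn,
                     "SELECT Id, Name FROM People WHERE Age > ?",
                     data = data.frame(age = age),
                     fetch = TRUE)

# Prepare once, execute many times: each row of the data.frame is bound to the
# placeholders (in column order) and run as a separate execution.
sqlPrepare(conn, "SELECT Id, Name FROM People WHERE Age > ? AND Name LIKE ?")
sqlExecute(conn, data = data.frame(age = c(30L, 65L), pattern = c("A%", "B%")))
result <- sqlFetchMore(conn)   # fetch the result set of the last execution

odbcClose(conn)
```

A parameter only protects the value position it occupies; table and column names cannot be bound this way and must still come from a fixed whitelist in your code.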